[mod_cluster-issues] [JBoss JIRA] (MODCLUSTER-677) Upgrade com.puppycrawl.tools:checkstyle to version 8.18 or later
Radoslav Husar (Jira)
issues at jboss.org
Fri Mar 15 05:15:00 EDT 2019
[ https://issues.jboss.org/browse/MODCLUSTER-677?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Radoslav Husar updated MODCLUSTER-677:
--------------------------------------
Issue Type: Component Upgrade (was: Task)
> Upgrade com.puppycrawl.tools:checkstyle to version 8.18 or later
> ----------------------------------------------------------------
>
> Key: MODCLUSTER-677
> URL: https://issues.jboss.org/browse/MODCLUSTER-677
> Project: mod_cluster
> Issue Type: Component Upgrade
> Components: Core & Container Integration (Java)
> Affects Versions: 2.0.0.Alpha1
> Reporter: Radoslav Husar
> Assignee: Radoslav Husar
> Priority: Major
>
> 1 com.puppycrawl.tools:checkstyle vulnerability found in pom.xml 17 hours ago
> Remediation
> Upgrade com.puppycrawl.tools:checkstyle to version 8.18 or later. For example:
> <dependency>
> <groupId>com.puppycrawl.tools</groupId>
> <artifactId>checkstyle</artifactId>
> <version>[8.18,)</version>
> </dependency>
> Always verify the validity and compatibility of suggestions with your codebase.
> Details
> CVE-2019-9658 More information
> moderate severity
> Vulnerable versions: < 8.18
> Patched version: 8.18
> Checkstyle prior to 8.18 loads external DTDs by default, which can potentially lead to denial of service attacks or the leaking of confidential information.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
More information about the mod_cluster-issues
mailing list